Sample viewer

vx.netlux.org/Virus.DOS.Remember.1081

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:16:54.743453646Z 42 PC: 12aae | Get date
0x12aae: cmp dx, 0x418
0x12ab2: jne 0x12ae2
0x12ab4: mov ax, 0x9100
0x12ab7: int 0x10
0x12ab9: cmp ax, 0x9100
0x12abc: je 0x12acf
0x12abe: mov ax, 0x804e
0x12ac1: int 0x10
0x12ac3: mov ah, 9
0x12ac5: mov dx, 0x261
0x12ac8: int 0x21
0x12aca: jb 0x12adb
0x12acc: jmp 0x12ae2
0x12acf: mov ah, 9
0x12ad1: mov dx, 0x3aa
0x12ad4: int 0x21
0x12ad6: jb 0x12adb
0x12ad8: jmp 0x12ae2
0x12adb: mov word ptr cs:[0x569], 0x4c00
0x12ae2: mov word ptr [bp + 0x538], ss
2018-12-17T22:16:54.746689527Z 53 PC: 12af4 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:16:54.748241142Z 37 PC: 12b25 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:16:54.749348447Z 26 PC: 12b3a | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2991,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:47:57.849164746Z 42 PC: 12aae | Get date
0x12aae: cmp dx, 0x418
0x12ab2: jne 0x12ae2
0x12ab4: mov ax, 0x9100
0x12ab7: int 0x10
0x12ab9: cmp ax, 0x9100
0x12abc: je 0x12acf
0x12abe: mov ax, 0x804e
0x12ac1: int 0x10
0x12ac3: mov ah, 9
0x12ac5: mov dx, 0x261
0x12ac8: int 0x21
0x12aca: jb 0x12adb
0x12acc: jmp 0x12ae2
0x12acf: mov ah, 9
0x12ad1: mov dx, 0x3aa
0x12ad4: int 0x21
0x12ad6: jb 0x12adb
0x12ad8: jmp 0x12ae2
0x12adb: mov word ptr cs:[0x569], 0x4c00
0x12ae2: mov word ptr [bp + 0x538], ss
2018-12-25T11:47:57.851694489Z 53 PC: 12af4 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:57.853266781Z 37 PC: 12b25 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:57.855797699Z 26 PC: 12b3a | Set disk transfer address

{"DateBased":true,"Day":24,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2991,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:47:57.967976707Z 42 PC: 12aae | Get date
0x12aae: cmp dx, 0x418
0x12ab2: jne 0x12ae2
0x12ab4: mov ax, 0x9100
0x12ab7: int 0x10
0x12ab9: cmp ax, 0x9100
0x12abc: je 0x12acf
0x12abe: mov ax, 0x804e
0x12ac1: int 0x10
0x12ac3: mov ah, 9
0x12ac5: mov dx, 0x261
0x12ac8: int 0x21
0x12aca: jb 0x12adb
0x12acc: jmp 0x12ae2
0x12acf: mov ah, 9
0x12ad1: mov dx, 0x3aa
0x12ad4: int 0x21
0x12ad6: jb 0x12adb
0x12ad8: jmp 0x12ae2
0x12adb: mov word ptr cs:[0x569], 0x4c00
0x12ae2: mov word ptr [bp + 0x538], ss
2018-12-25T11:47:57.972476668Z 9 PC: 12ad6 | Display string (String= ' <<< Welcome >>> ================================= The OVEL bbs Tel is 02-927-7432 ================================= ')
2018-12-25T11:47:57.983265616Z 53 PC: 12af4 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:57.984761869Z 37 PC: 12b25 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:57.987675922Z 26 PC: 12b3a | Set disk transfer address